Check out some similar questions!

DJ-Jokool · Feb 20, 2007, 12:58 AM

Hi all I'm new here, I'm a noobs in this site.. I just would like to ask you peeps if someone here encoutered same problem. My computer is infected with worm vb.k as what AVG detected. I creates New Folder.exe in my drives. Then I can't access my registry, msconfig and task manager. I have tried doing HJT on the computer and also tried sysmantec way of editing the registry. I play with registry also delete policies. I manage to gain the computer again but when I turn it off and boot the following morning the virus or the worm is there again help... :(

Curlyben · Feb 20, 2007, 01:24 AM

C&P time again:

Originally Posted by Curlyben

To make sure everything is running fine run both anti virus and anti spyware apps in normal AND safe modes. (make sure that they are updated first ! ;)) (AVG is good and free AV)
(A couple of good removal tools are Spybot and Adaware)

ALso an on line virus and spyware scanner is Trend Housecall

Just a note; actively running two AV's on one machine can cause problems.
So if you are thinking about it make sure your current one is disabled first.
Same thing applies to online scanners as well.

Then remove any left over junk and clean the registry.
Removal of junk files is easy with CCleaner a free app that does exactly what.

**A word of warning**
NEVER mess about in the registry as removing the wrong key will result in a non functioning comouter and the need for a complete rebuild

DJ-Jokool · Feb 20, 2007, 01:33 AM

Guys is there a manual way of doing this.. I know about destroying the O.S. if messing up with the registry. Thanks for the warning.. I very cautious on doing it :) any does this Spybot and CCleaner run or windows 2000 or Windows 2000 server

Curlyben · Feb 20, 2007, 01:35 AM

Manual; WHY? Use the all the tools you can
Win2000 No worries

talaniman · Feb 20, 2007, 05:38 AM

I use spybot search and destroy and avant anti virus with some good results as I'm all over the web. No problem on windows XP.

mcgaiver · Feb 18, 2008, 11:00 PM

Here's a way to manually remove the virus. I assume you couldn't execute task manager too.

1) First you have to disable the process
*start command prompt
*check the running process by tasklist command (i.e. C:\>tasklist)
*look for malicious process like blastclnnn.exe, SSVIHOST.exe, New Folder.exe...
*terminate each malicious process by using taskill command(i.e. C:\>TASKKILL /F /IM SSCVIHOST.EXE).

2)Now that you've killed the process, you have to delete the virus file from the system32 folder(autorun.ini, SSVIHOST.exe, blastclnnn.exe) but you have to change their attributes by command prompt before you could delete them. Wondering why the virus keeps on running the next day? That's because the virus crated a task alt1.job to ensure that it'll always execute every 9:00 am everyday. You could delete this at Scheduled Tasks folder.

3)Now you have to enable the Task Manager & Registry Editor at Group Policy.

4)Lastly, you have to search delete all the new folder.exe:( . Be sure not to execute them or you'll have to start over again. There's a way to prevent you from accidentally opening them. But I'm to busy to explain. I'm creating program to automatically fix this pesky virus. :D just IM me at [email protected] if you need more guidance.

TechEmperor · Feb 19, 2008, 10:46 AM

For anyone having trouble re-enabling the task manager this article has step by step instructions, lists the registry keys necessary, and even provides a batch file to do it for you.